195539 matches found
Tenda US_W3V1.0BR 安全漏洞
Tenda USW3V1.0BR is a home-use wireless router firmware product from the Tenda company. Version 1.0.0.3 of Tenda USW3V1.0BR contains a security vulnerability. This vulnerability stems from a stack overflow issue with the Go parameter in the asktoreboot function, which could allow attackers to cau...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are vulnerabilities related to competition conditions in Microsoft Windows Push Notifications. Attackers can exploit these...
Microsoft Graphics Component 资源管理错误漏洞
The Microsoft Graphics Component is a graphics driver component developed by Microsoft Corporation. There is a resource management vulnerability in the Microsoft Graphics Component. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are...
VMware Micrometer 资源管理错误漏洞
VMware Micrometer is an application monitoring metric collection framework developed by the American company VMware. There is a resource management vulnerability in VMware Micrometer; this vulnerability stems from the ability for users to submit custom HTTP requests, which may lead to denial of...
Microsoft Exchange Server 跨站脚本漏洞
Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. Microsoft Exchange Server has a cross-site scripting vulnerability. Attackers exploit this...
Microsoft Remote Desktop Client 缓冲区错误漏洞
Microsoft Remote Desktop Client is a remote desktop client developed by Microsoft Corporation. There are security vulnerabilities in Microsoft Remote Desktop Client. Attackers can exploit these vulnerabilities to execute code. The following products and versions are affected: Windows 10 Version...
MongoDB Server 安全漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, Inc. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which arises from triggering invariant...
QNAP qumagie 授权问题漏洞
QNAP Systems QuMagie is an AI-powered photo management software developed by QNAP Systems, a company based in Taiwan, China. Versions of QNAP Systems QuMagie prior to version 2.9.1 contained security vulnerabilities. These vulnerabilities were caused by user-controlled keys that allowed...
Microsoft Office Word 资源管理错误漏洞
Microsoft Office Word is a word processing software developed by Microsoft. There is a resource management vulnerability in Microsoft Office Word, which stems from an untrusted pointer dereferencing. This vulnerability may allow unauthorized attackers to execute code locally...
Microsoft Windows Secure Boot 处理逻辑错误漏洞
Microsoft Windows Secure Boot is a security boot mechanism provided by the American company Microsoft. There are security vulnerabilities associated with Microsoft Windows Secure Boot. Attackers can exploit these vulnerabilities to bypass certain features. The following products and versions are...
Tenda O3 安全漏洞
The Tenda O3 is an outdoor wireless bridge produced by the Chinese company Tenda. Version 1.0.0.54180 of the Tenda O3 has a security vulnerability. This vulnerability stems from a stack overflow issue with the username parameter in the R7WebsSecurityHandler function, which could allow attackers t...
Microsoft BitLocker 授权问题漏洞
Microsoft Windows BitLocker is a security feature provided by Microsoft that ensures the recovery key is backed up and secure before it is activated. There is an access control vulnerability in Microsoft Windows BitLocker. Attackers can exploit this vulnerability to bypass certain features. The...
Microsoft Winlogon 后置链接漏洞
Microsoft Winlogon is a component built into the Windows NT series operating system developed by Microsoft. There is a post-release vulnerability in Microsoft Winlogon. Attackers can exploit this vulnerability to gain elevated privileges. The following products and versions are affected: Windows ...
Microsoft Office Sharepoint Server 跨站脚本漏洞
Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a cross-site scripting vulnerability. Attackers exploit this vulnerability to carry out cross-site scripting attacks. The followi...
Tenda W20E 安全漏洞
The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthUserInfo parameter within the formAddWebAuthUser function, which could allow attackers to caus...
Huawei EMUI和Huawei HarmonyOS 权限许可和访问控制问题漏洞
Huawei EMUI and Huawei HarmonyOS are both products of the Chinese company Huawei. Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is an operating system that provides a full-scenario distributed operating system based on a microkernel. Both Huawei EMUI and...
Microsoft Windows Push Notifications 竞争条件问题漏洞
Microsoft Windows Push Notifications is a push notification service provided by the American company Microsoft. It provides a reliable way to deliver new updates. There are compatibility issues with Microsoft Windows Push Notifications. The following products and versions are affected: Windows 10...
Siemens SINEC INS 安全漏洞
Siemens SINEC INS is a software developed by Siemens, a German company, that provides central services for network infrastructure. Versions of Siemens SINEC INS prior to SINEC INS V1.0 SP2 Update 6 contained security vulnerabilities. These vulnerabilities stemmed from the use of static, hard-code...
OpenSSL 异常处理不当漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
Microsoft Windows Program Compatibility Assistant Service 竞争条件问题漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. The Microsoft Windows Program Compatibility Assistant Service has a security vulnerability. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions...
Microsoft Office Excel 缓冲区错误漏洞
Microsoft Office Excel is a spreadsheet software developed by Microsoft in the United States. Microsoft Office Excel has a buffer error vulnerability, which stems from integer underflow. This vulnerability may allow unauthorized attackers to execute code locally...
SAP MDG Review Match Groups Application 安全漏洞
The SAP MDG Review Match Groups Application is a data duplication detection tool developed by SAP, a German company. This application has security vulnerabilities; these vulnerabilities stem from the lack of necessary authorization checks, which may lead to privilege escalation...
NETGEAR Orbi 缓冲区错误漏洞
NETGEAR Orbi is a distributed WiFi system developed by NETGEAR, a company in the United States. Versions of NETGEAR Orbi 370 prior to V12.1.2.7 contained a buffer error vulnerability. This vulnerability allowed attackers to intercept and manipulate traffic between the router and the internet. The...
Adobe Dreamweaver Desktop 缓冲区错误漏洞
Adobe Dreamweaver Desktop is a web design and development software provided by Adobe, a company based in America. Versions of Adobe Dreamweaver Desktop starting from 21.7 and earlier contain a buffer error vulnerability. This vulnerability stems from accessing uninitialized pointers, which may...
Microsoft Windows Secure Boot 权限许可和访问控制问题漏洞
Microsoft Windows Secure Boot is a security boot feature provided by the American company Microsoft. There is an access control error vulnerability in Microsoft Windows Secure Boot. Attackers can exploit this vulnerability to bypass certain features. The following products and versions are...
MongoDB Server 日志信息泄露漏洞
MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a vulnerability in MongoDB Server where log information may be leaked...
Microsoft Windows DHCP Server 缓冲区错误漏洞
Microsoft Windows DHCP Server is a core service of the American company Microsoft, used for automatically retrieving network configuration information. There are security vulnerabilities in Microsoft Windows DHCP Server. Attackers can exploit these vulnerabilities to execute code. The following...
Tenda W15E 安全漏洞
The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function, which could allow attackers ...
Adobe InDesign Desktop 缓冲区错误漏洞
Adobe InDesign Desktop is a professional desktop publishing and typesetting design software, primarily used for creating print and digital publications. There is a security vulnerability in Adobe InDesign Desktop, which stems from improper handling of data writing boundaries. Attackers can exploi...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Tenda W20E 安全漏洞
Tenda W20E is a router produced by the Chinese company Tenda. The Tenda W20E has a buffer overflow vulnerability in the formCropAndSetWewifiPic function, specifically with respect to the picCropName parameter. An attacker can exploit this vulnerability to cause a denial-of-service attack...
Microsoft Nuance PowerScribe 360 反序列化漏洞
Microsoft Nuance PowerScribe is a medical speech recognition and report generation system for radiologists developed by Microsoft. There are code-related vulnerabilities in Microsoft Nuance PowerScribe. Attackers can exploit these vulnerabilities to execute code remotely. The following products a...
FastApiAdmin 跨站脚本漏洞
FastApiAdmin is a full-stack rapid development platform based on FastAPI, developed by fastapiadmin. Version 2.2.0 of FastApiAdmin contains a cross-site scripting vulnerability. This vulnerability stems from the /system/notice/create endpoint, which has a cross-site scripting vulnerability relate...
OpenSSL 代码问题漏洞
OpenSSL is an open-source encryption library developed by the OpenSSL team that enables secure implementation of Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. This product supports various encryption algorithms, including symmetric ciphers, hash algorithms, and secure...
WordPress plugin Wow Forms SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Windows Kernel Mode Drivers 缓冲区错误漏洞
Microsoft Windows is an operating system used on personal devices by the American company Microsoft. There are security vulnerabilities in Microsoft Windows. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affected: Windows Server 202...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from a heap buffer overflow...
Microsoft Office 缓冲区错误漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a security vulnerability in Microsoft Office, which stems from type confusion. This...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reusing of resources after they are released...
req 安全漏洞
“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.1.0 to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of highly compressed data, which could allow an attacker-controlled HTTP server to exhau...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a security vulnerability, which stems from an integer overflow issue...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after the Dawn process is terminated...
AgentCore CLI 代码注入漏洞
AgentCore CLI is an open-source AI agent development and deployment command-line tool developed by Amazon Web Services. Versions of AgentCore CLI prior to 0.14.2 contained a code injection vulnerability. This vulnerability stemmed from improper use of triple quotes in Python code generation. It...
HTMLSanitizer 跨站脚本漏洞
HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 2.3.2 had a cross-site scripting vulnerability. This vulnerability occurred when ALLOWINSECURERAWTEXT was enabled, resulting in blank variant closing tags being ignored, which could lead to...
Apache HTTP Server 安全漏洞
Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Apache HTTP Server versions 2.4.67 and earlier contain security vulnerabilities, which stem fro...
Imagination Graphics DDK 安全漏洞
Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK. This vulnerability arises from improper GPU system calls when the software runs as a non-privileged user. This leads to errors in managing...
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by the American company Google. Google Chrome has a resource management vulnerability that stems from the reuse of resources after a Proxy is released...
SourceCodester Class and Exam Timetabling System 注入漏洞
SourceCodester Class and Exam Timetabling System is an open-source classroom and exam scheduling system developed by SourceCodester. Version 1.0 of the SourceCodester Class and Exam Timetabling System has a SQL injection vulnerability, which arises from incorrect handling of the parameter "sy" in...
NLnet Labs Routinator 安全漏洞
NLnet Labs Routinator is an open-source RPKI routing origin verification service developed by NLnet Labs. There is a security vulnerability in NLnet Labs Routinator, which may lead to crashes when encountering files defined using a special document type via RRDP...
WordPress plugin Stripe Payments 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...